China Hack Report: Daily US Tech Defense

China's Cyber Dragon Awakens: Zero-Days, Indictments, and Stealthy Malware Galore!


This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks hitting US tech defenses. Buckle up, because the last 24 hours dropped some scorcher alerts on China-linked ops that have CISA scrambling and defenders sweating.

Straight out the gate, Chinese state-sponsored crew UAT-9686 is hammering Cisco's AsyncOS in Secure Email Gateways and Web Managers. Think CVE-2025-20393, a max-CVSS 10.0 zero-day that grants root access via misconfigured HTTP interfaces. Cisco's advisory confirms attacks kicked off in November, deploying AquaShell Python backdoors and AquaTunnel for sneaky data exfiltration from US firms. Rapid7 scanned over 800 exposed boxes, many in the finance and government sectors. No patch yet, so Cisco screams: disable Spam Quarantine listeners, firewall that management port, and rebuild compromised gear. CISA's eyeing a KEV addition any second.

Meanwhile, Ink Dragon, that crafty China nexus, expanded espionage into European govs using compromised servers as launchpads, blending in with legit admin traffic via ShadowPad and FINALDRAFT malware, per Check Point Research. They're living off the land, tunneling out secrets over multi-month dwell times. Defenders, harden external services, clamp down on egress, and hunt for odd scheduled tasks and credential hops.

Don't sleep on the malicious React2Shell scanner on GitHub by niha0wa. It's baiting researchers probing CVE-2025-55182 with mshta.exe payloads, turning your vuln hunters into the hacked. Microsoft guidance: inventory React/Next.js apps, slap on WAF rules, and rotate creds post-RCE. CISA jammed this into KEV, mandating feds patch by now.

Fresh CISA drop warns of Brickstorm malware persisting in US orgs: Rust-based samples from China-nexus groups, per their analysis. IoCs are out for detection.

Official moves? US Justice indicted 12 Chinese hackers from Ministry of State Security units for years of hits on aerospace firms like Boeing, national labs, defense contractors, even pandemic researchers and dissidents. Sectors hammered: telecom, energy, manufacturing, echoing Salt Typhoon vibes.

CISA's KEV pile-on includes SonicWall SMA1000 zero-days (CVE-2025-40602) for edge access breaches, HPE OneView RCE at CVSS 10.0, and Android zero-days CVE-2025-48633/48572 under targeted exploits. Patch fleets yesterday.

My defensive playbook: Hunt anomalous web processes, validate vendors like 700Credit post-breach, rotate all keys, enable MFA everywhere, and simulate multi-month IR. China crews like LongNosedGoblin and Jewelbug are patient—match that vigilance.

Thanks for tuning in, listeners—subscribe for daily drops to stay ahead of the dragon. This has been a Quiet Please production, for more check out quietplease.ai.


This content was created in partnership with, and with the help of, Artificial Intelligence (AI).

China Hack Report: Daily US Tech Defense, by Inception Point Ai